A major type of internet fraud, today, is known as phishing. Phishing typically involves the practice of obtaining confidential information through the manipulation of legitimate users. Typically, the confidential information is a user's password, credit card details, social security number, or other sensitive user information. Phishing may be carried out by masquerading as a trustworthy person, website, or business. In one approach, a message may be sent to an unsuspecting user. The message may include a link or other mechanism that links to an illegitimate source. In another approach, a webpage that may appear to be legitimate is provided to the user. However, the webpage (or message) is designed to trick the user into providing their confidential information, including such as their user name, password, or the like. Such webpages (or messages) may relate to account log-in sites, credit card entry sites, or the like. Once the unsuspecting user enters their information, the phisher may be able to obtain the sensitive information and use it to create fake accounts in a victim's name, ruin the victim's credit, make purchases under the victim's name, sell the information to others, perform acts under the victim's identity, or even prevent the victim from accessing their own money and/or accounts.
Unfortunately, this type of fraudulent activity is becoming more popular, primarily because of how easy it is to convince people to divulge their sensitive information over the internet. It has been estimated that between May 2004 and May 2005, for example, over one million computer users in the United States suffered over $900 million in losses due to such fraudulent phishing schemes. Because victims to these attacks may reduce their activities over the internet with websites that have been phished, many legitimate busineses may also suffer both financially, and in their reputation.